Need Help to check DH_generate_key() functionality

Priyanka C Priyanka.C at
Fri Sep 16 11:57:30 UTC 2022

Dear OpenSSL Team,

While migrating to OpenSSL 3.0 we are facing issue with use of DH_generate_key(). Getting dh->pub_key NULL.
Logic used is as given below, I have omitted the error handling code.

  *   p and g buffer is of type unsigned char *
  *   p_len is 128 and g_len is 1.

              DH *dh;
dh = DH_new();
dh->params.p = BN_bin2bn(p, p_len, NULL);
dh->params.g = BN_bin2bn(g, g_len, NULL);

I have checked openssl man pages (
According to which DH_generate_key() expects dh to contain the shared parameters p and g only, still not able to generate pub_key.

Tried solutions given on following links:
Approach 1:
              Used DH_new_by_nid() instead of DH_new() .

Approach 2:
We were skeptical about the values of p and g so tried setting valid values for p q and g using DH_set0_pqg().

BIGNUM *a = BN_bin2bn(p, p_len, NULL);
BIGNUM *b = BN_bin2bn(g, g_len, NULL);
DH_set0_pqg(dh, a, NULL, b);

But this did not help, as this set function does not change q value if NULL is passed.
We don't have idea about what can be a valid value for q which we can set.

Approach 3:
Currently working on the solution given on this link, using EVP wrappers for DH key generation.

Please help to look into this and guide with possible solutions.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list